Skip to content

v5.8.4-stable

Latest
Latest

Choose a tag to compare

View all tags
@kareem-wolfssl kareem-wolfssl released this 30 Dec 19:24
· 26 commits to master since this release
v5.8.4-stable
05433e9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

  • Fix an issue which allowed a client without a cert to connect despite setting verify_mode to CERT_REQUIRED (CVE-2025-15346):
    A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided. This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake.
    Thanks to Matan Radomski from Microsoft for the report.
  • Update for v5.8.4 release by @kareem-wolfssl in #63

Contributors

kareem-wolfssl
Assets 4
Loading